CGA-qvm4-3c6g-4jg6

Published

Last updated

https://images.chainguard.dev/security/CGA-qvm4-3c6g-4jg6

Package

ruby3.3-elasticsearch

Latest Update

Fixed

Fixed Version

8.17.0-r0

Aliases

Severity

Unknown

Summary

Elasticsearch Incorrect Authorization vulnerability

Description

An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow.

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-qvm4-3c6g-4jg6

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources